Re: [sqlmap-users] Problem with using Webscarab conversations
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Problem with using Webscarab conversations
|
From: Antonios A. <ant...@gm...> - 2011-01-30 20:13:47
|
Hi Miroslav, first of all, please let me apologize for my late response. I downloaded the latest svn tonight and I tested against webscarab conversation using the batch mode. It does seem to process them but it does not detect the existing SQLi. Please let me know if you want any further information. Antonios 2011/1/20 Miroslav Stampar <mir...@gm...> > hi. > > with last commit you can find support for WebScarab log files. if you > find any "problems" related please report. > > only one warning: you won't be able to process POST requests as > WebScarab "smartly" stores their bodies in separate files. > > kr > > On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar > <mir...@gm...> wrote: > > hi Antonios. > > > > no worry. gonna fix it probably today. > > > > kr > > > > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis > > <ant...@gm...> wrote: > >> Thanks for your reply. > >> > >> The problem is that the free version of Burpsuite does not allow to save > the > >> spidering results; this is why I rely on webscarab. > >> > >> Thanks again > >> > >> Antonios > >> . > >> 2011/1/20 Miroslav Stampar <mir...@gm...> > >>> > >>> LOL > >>> > >>> we've stated that we support WebScarab logs, while we don't :) > >>> > >>> thx for reporting. > >>> > >>> we'll see what we can do. in the mean time you can try to use Burp > >>> which logs we should support most definitely. > >>> > >>> kr > >>> > >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar > >>> <mir...@gm...> wrote: > >>> > Downloading right now. Will report back. > >>> > > >>> > KR > >>> > > >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis > >>> > <ant...@gm...> wrote: > >>> >> Hi Miroslav and thanks for your answer, > >>> >> > >>> >> I did reproduce the results a couple of times and you can easily do > so. > >>> >> > >>> >> My target is the ctf6 lampsec security (you can downloaded from > >>> >> http://sourceforge.net/projects/lampsecurity/). > >>> >> > >>> >> After a very fast browsing, I crawled the rest of the site using > >>> >> Webscarab. > >>> >> > >>> >> I run the command sqlmap --batch -v 2 -l > >>> >> ../webscarab-logs/conversations/ > >>> >> > >>> >> sqlmap failed to find any sqli. > >>> >> > >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one > of > >>> >> the > >>> >> vulnerable urls) and it does find the sqli vulnerability. > >>> >> > >>> >> please let me know if you want me to send you any logs. > >>> >> > >>> >> Regards > >>> >> > >>> >> Antonios > >>> >> > >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...> > >>> >>> > >>> >>> Hi Antonios. > >>> >>> > >>> >>> main question is: are you able to reproduce this kind of behavior > >>> >>> again? > >>> >>> > >>> >>> if yes, then sqlmap really has some "bug" and it would be great if > you > >>> >>> could (maybe privately) provide is with further details from used > >>> >>> logs. > >>> >>> > >>> >>> if no, thing that comes to my mind and that can screw things up is > >>> >>> "dynamicity". we've worked hard to make a good comparison/detection > >>> >>> engine together with dynamicity removal, but still, pages with lots > of > >>> >>> garbaged styles/tags/scripts... can screw things up, especially > when > >>> >>> only a small part of the page is affected by injection itself. > hence > >>> >>> there are switches like --string and --text-only (removes all > >>> >>> tags/scripts/styles and retrieves only pure text) that can do > miracles > >>> >>> in those kind of cases. > >>> >>> > >>> >>> KR > >>> >>> > >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis > >>> >>> <ant...@gm...> wrote: > >>> >>> > > >>> >>> > Hello to the list, > >>> >>> > > >>> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, > I > >>> >>> > fed > >>> >>> > its > >>> >>> > conversations directory to sqlmap using the -l option. > >>> >>> > sqlmap didn't find any SQLi vulnerable. > >>> >>> > > >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which > URL > >>> >>> > was > >>> >>> > also included in the webscarab conversations and it had also been > >>> >>> > tested > >>> >>> > before with sqlmap), and sqlmap did found this time the specific > >>> >>> > SQLi > >>> >>> > vulnerability. > >>> >>> > > >>> >>> > Has anyone else observed a problem using Webscarab conversations? > Is > >>> >>> > there > >>> >>> > any tip or trick that I can use in order to solve this problem? > >>> >>> > > >>> >>> > Thanks in advance > >>> >>> > > >>> >>> > Antonios > >>> >>> > > >>> >>> > > >>> >>> > > >>> >>> > > ------------------------------------------------------------------------------ > >>> >>> > Protect Your Site and Customers from Malware Attacks > >>> >>> > Learn about various malware tactics and how to avoid them. > >>> >>> > Understand > >>> >>> > malware threats, the impact they can have on your business, and > how > >>> >>> > you > >>> >>> > can protect your company and customers by using code signing. > >>> >>> > http://p.sf.net/sfu/oracle-sfdevnl > >>> >>> > _______________________________________________ > >>> >>> > sqlmap-users mailing list > >>> >>> > sql...@li... > >>> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >>> >>> > > >>> >>> > > >>> >>> > >>> >>> > >>> >>> > >>> >>> -- > >>> >>> Miroslav Stampar > >>> >>> > >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> >>> Mobile: +385921010204 (HR 0921010204) > >>> >>> PGP Key ID: 0xB5397B1B > >>> >>> Location: Zagreb, Croatia > >>> >> > >>> >> > >>> >> > >>> > > >>> > > >>> > > >>> > -- > >>> > Miroslav Stampar > >>> > > >>> > E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> > Mobile: +385921010204 (HR 0921010204) > >>> > PGP Key ID: 0xB5397B1B > >>> > Location: Zagreb, Croatia > >>> > > >>> > >>> > >>> > >>> -- > >>> Miroslav Stampar > >>> > >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> Mobile: +385921010204 (HR 0921010204) > >>> PGP Key ID: 0xB5397B1B > >>> Location: Zagreb, Croatia > >> > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail / Jabber: miroslav.stampar (at) gmail.com > > Mobile: +385921010204 (HR 0921010204) > > PGP Key ID: 0xB5397B1B > > Location: Zagreb, Croatia > > > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- |
